Cyber Command creates forum with industry to share threat information
Written by Marc Pomerleau
U.S. Cyber Command has created a private sector collaboration program to share ideas and information on critical cyber threats with the goal of further strengthening national cybersecurity.
The program, dubbed “Under Notice”, involves members of the command’s elite Cyber National Mission Force (CNMF) – which is tasked with tracking and disrupting specific nation-state adversaries – sitting in chat rooms and disclosing threats to the cybersecurity industry, officials said.
These military personnel are using their real names for the sake of transparency and are actually talking to members of the private sector.
“They are technical experts who can actually talk to people. They sit in private discussions, elite invitation-only industry forums, all in full name and with fully transparent attribution,” Major General William Hartman, commander of the cyber mission force, said Wednesday during a speech at the Vanderbilt University Summit on Modern Conflict and Emerging Threats. “If you see anything in the news about a cyber incident, you can bet one of them got a call around 1am the day before and exchanged unclassified information with cybersecurity experts as quickly as possible.”
These discussions take place on Signal and other trusted cybersecurity forums, Holly Baroody, deputy national cyber mission force commander, said at an event hosted by AFCEA on April 20.
“When I arrived at the CNMF, I said to myself, what can we share with them? Much of what we do is classified. But it turns out we can share a lot. We are fighting the same bad actors the industry is fighting,” she said. “When we identify a foreign threat and are able to share it with the industry, and then they share information, our cyber experts are able to enrich that data and feed it back into the industry. This two-way sharing of threat information both enables our operations to pursue these foreign cyber actors in foreign space and enables the defense of the national network.”
Much of cyberspace and cybersecurity is a symbiotic relationship. Threats that affect one affect all, and many have called cyber the quintessential team sport.
“If you have information about a threat to your network, it’s a threat to everyone’s network… If we share information with each other, we can reduce vulnerabilities and stop many attacks before they don’t happen,” Hartman said. “Not only does this help [the Department of Defense] defend our networks, but allows industry partners where we are able to enrich their data with our expertise and share information with partners who can see and do things on their platforms and in their networks that we cannot.”
As of press time, Cyber Command has not responded to FedScoop as to when the program will begin and why it is needed.
For many years after Cybercom’s creation, the DOD faced challenges using its new cyberforce to protect the nation from the barrage of cyber intrusions and breaches it faced.
Historically, it was clear that the Pentagon would defend against a missile strike on a US entity, for example. However, given the pervasiveness of cyber activity in society and since most networks are not owned by the government, the DOD’s role in protecting the nation from foreign cyber threats was less clear.
Through simplified authorities and new operational concepts, Cyber Command has articulated its ability to operate outside the country to defeat adversary cyber advances before they reach American soil.
“From an offensive perspective, we take everything we learn about our adversaries and turn that into offensive action to actively pursue our adversaries into foreign cyberspace,” Baroody said. “We look for their infrastructure, we look for their capabilities. Frankly, we’re chasing whatever in their ecosystem makes them effective in attacking the United States. We take steps to disrupt, degrade and deny their operations. This combined defensive and offensive approach imposes costs on our adversaries by taking up their time, money and resources [and] making it harder for them to do their job.”
The Cyber National Mission Force has disclosed more than 90 adversary malware samples to public forums through so-called hunt forward operations, which involve physically sending the CNMF’s defensively oriented cyber protection teams to foreign countries to hunt threats on their networks at the invitation of the host nations. Disclosure of malware not only helps organizations protect against threats, but also takes these tools away from adversaries.
The Under Advice program is another example of Cyber Command using its unique capabilities and expertise to lend a hand in efforts to bolster national security.